diff --git a/app/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/UbiconnectActivity.java b/app/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/UbiconnectActivity.java index ecfca77..619340d 100644 --- a/app/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/UbiconnectActivity.java +++ b/app/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/UbiconnectActivity.java @@ -13,6 +13,7 @@ import android.os.IBinder; import android.os.Messenger; import android.os.SystemClock; +import android.util.Base64; import android.util.Log; import android.view.View; import android.widget.AdapterView; @@ -21,6 +22,8 @@ import android.widget.TextView; import android.widget.Toast; +import com.ubibike.CriptoHelper; + import org.json.JSONException; import org.json.JSONObject; @@ -34,9 +37,14 @@ import java.net.Socket; import java.net.SocketAddress; import java.net.UnknownHostException; +import java.security.GeneralSecurityException; +import java.security.PrivateKey; +import java.security.PublicKey; import java.util.ArrayList; import java.util.HashMap; import java.util.List; +import java.util.Random; +import java.util.UUID; import java.util.concurrent.ExecutionException; import pt.inesc.termite.wifidirect.SimWifiP2pBroadcast; @@ -83,6 +91,7 @@ public class UbiconnectActivity extends CommonWithButtons implements private ArrayList peersNamesArrayList = new ArrayList<>(); private ArrayList peersIPsArrayList = new ArrayList<>(); + private ArrayList receivedPointsUUID = new ArrayList<>(); private String userToConnectIp; private TextView personView; @@ -367,6 +376,29 @@ public void onClick(View v){ json.put(POINTS_ORIGIN, pointsOriginMessageToReceiver); json.put(POINTS_ORIGIN_TO_ME, pointsOriginMessageToMe); + // Security settings + try{ + //get Private key from file obtained using path given as argument + System.out.println("Getting Private key using file..."); + PrivateKey privK = CriptoHelper.getPrivateKey(CriptoHelper.getKeyFileName(myName, true)); + UUID uuid = UUID.randomUUID(); + + //get digital signature with private key from server + System.out.println("Getting Digital Signature..."); + byte[] mDigitalSignature = CriptoHelper.makeDigitalSignature(json.toString().getBytes(), privK); + byte[] uuidDigitalSignature = CriptoHelper.makeDigitalSignature(json.toString().getBytes(), privK); + + //encode in base64 string from encrypted message with private "joana" key + String mDg64 = Base64.encodeToString(mDigitalSignature, 1); + String uuidDg64 = Base64.encodeToString(uuidDigitalSignature, 1); + + json.put(DIGITAL_SIGNATURE_ON_MESSAGE, mDg64); + json.put(POINTS_TRANSFER_UUID, uuid.toString()); + json.put(DIGITAL_SIGNATURE_ON_UUID, uuidDg64); + } catch (Exception e) { + e.printStackTrace(); + } + // create an PointsTransfer object that contains the transaction PointsTransfer pts = new PointsTransfer(PointsTransfer.SENT_TO_A_PEER, Integer.parseInt(points), connectedUser, json); // add the transaction to the pointsExchange log @@ -910,6 +942,45 @@ protected boolean isMessageExchange(String receivedMessage) { String origin = jsondata.getString(POINTS_ORIGIN); // put the pair on the mPoints that keeps the history of the score + // Security settings + try{ + // get uuid identifier + String uuid = jsondata.getString(POINTS_TRANSFER_UUID); + if(receivedPointsUUID.contains(uuid)) { + Log.d(TAG, "This points were already transfered!"); + return false; + } else { + receivedPointsUUID.add(uuid); + } + + // Verify non tempering of data and reply + String mDg64 = jsondata.getString(DIGITAL_SIGNATURE_ON_MESSAGE); + String uuidDg64 = jsondata.getString(DIGITAL_SIGNATURE_ON_UUID); + + byte[] mDigitalSignature = Base64.decode(mDg64, 1); + byte[] uuidDigitalSignature = Base64.decode(uuidDg64, 1); + + PublicKey pubSenderKey = CriptoHelper.getPublicKey(CriptoHelper.getKeyFileName(myName, false)); + + JSONObject jsondataCopy = new JSONObject(jsondata.toString()); + jsondataCopy.remove(DIGITAL_SIGNATURE_ON_MESSAGE); + jsondataCopy.remove(POINTS_TRANSFER_UUID); + jsondataCopy.remove(DIGITAL_SIGNATURE_ON_UUID); + + if(!CriptoHelper.verifyDigitalSignature(uuidDigitalSignature, uuid.getBytes(), pubSenderKey)){ + Log.d(TAG, "This points were tempered!"); + return false; + } + if(!CriptoHelper.verifyDigitalSignature(mDigitalSignature, jsondataCopy.toString().getBytes(), pubSenderKey)){ + Log.d(TAG, "This points were tempered!"); + return false; + } + + } catch (Exception e) { + e.printStackTrace(); + } + + applyReceivedPoints(points, origin, pointsSender, jsondata); Log.d("received pts ", points); diff --git a/common/src/main/java/com/ubibike/Constants.java b/common/src/main/java/com/ubibike/Constants.java index 5719191..09576e1 100644 --- a/common/src/main/java/com/ubibike/Constants.java +++ b/common/src/main/java/com/ubibike/Constants.java @@ -64,6 +64,9 @@ public static final String POINTS_TO_ADD = "points to add"; public static final String POINTS_ORIGIN = "points origin"; public static final String POINTS_ORIGIN_TO_ME = "points origin to me"; + public static final String DIGITAL_SIGNATURE_ON_MESSAGE = "digital signature on message"; + public static final String DIGITAL_SIGNATURE_ON_UUID = "digital signature on uuid"; + public static final String POINTS_TRANSFER_UUID = "points transfer uuid"; public static final String POINTS_HISTORY = "points history"; public static final String STATION_NAME = "station name"; public static final String RIDE_INFO = "ride info"; diff --git a/server/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/Server/CriptoHelper.java b/common/src/main/java/com/ubibike/CriptoHelper.java similarity index 98% rename from server/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/Server/CriptoHelper.java rename to common/src/main/java/com/ubibike/CriptoHelper.java index 8541fe0..64c7917 100644 --- a/server/src/main/java/pt/ulisboa/tecnico/cmu/ubibike/Server/CriptoHelper.java +++ b/common/src/main/java/com/ubibike/CriptoHelper.java @@ -1,4 +1,4 @@ -package pt.ulisboa.tecnico.cmu.ubibike.Server; +package com.ubibike; import javax.crypto.*; import javax.crypto.spec.IvParameterSpec; @@ -387,4 +387,8 @@ private static SecretKey generateSecretKey() throws NoSuchAlgorithmException{ SecretKey key = keyGen.generateKey(); return key; } + + public static String getKeyFileName(String myName, boolean isPrivate) { + return "keys/" + (isPrivate ? "private" : "public") + "_" + myName + ".key"; + } } diff --git a/keys/private_joana.key b/keys/private_joana.key index c833fab..0bfbd9b 100644 Binary files a/keys/private_joana.key and b/keys/private_joana.key differ diff --git a/keys/private_joao.key b/keys/private_joao.key index f83c7b8..4bf7eb1 100644 Binary files a/keys/private_joao.key and b/keys/private_joao.key differ diff --git a/keys/public_joana.key b/keys/public_joana.key index 4737596..32a5732 100644 Binary files a/keys/public_joana.key and b/keys/public_joana.key differ diff --git a/keys/public_joao.key b/keys/public_joao.key index ad27375..4b8988d 100644 Binary files a/keys/public_joao.key and b/keys/public_joao.key differ